People buy things online all the time. They trust the Internet security mechanisms that have been put in place and believe a little gold icon in the corner of the web browser equals security. What most people don't do is stop and think "gee, how does a little gold icon equate to security?"

So this wondrous blog entry shall take you through the world of "modern" security, how it works, and then how easily it can be broken. I'll also share some interesting tidbits of information and form an interesting connection that no one else has made that is worth thinking about. Just so you know in advance, I still trust the technology and make purchases online, but it is something that has nagged me for some time now.

People have been making stuff "secure" for a really long time. Other people have been trying to break security for just about as long - mostly so they could steal whatever was being made secure. Only in recent years has a third group formed. This…

I find it entertaining that people worldwide think they have the right to discredit Americans and make fun of them. If you are not American, you do NOT have this right. However, since I'm an American, I'm allowed to make fun of my own people and nation as a whole.

It is pretty well known that education in America, as a whole, stinks. This video is well worth watching because I believe it paints a pretty accurate picture of the state of the nation:

The video is from a show called 20/20 and it is over a year old but please return when you finish watching.

I was brought up in a family that cared deeply about proper education. I had learned to speed read by the time I entered school. I also remember at least four different forms of corporal punishment used on my behind/legs as a child. Boy grandma sure loved finding that freshly-cut switch. But it made me into a fine, upstandin', law-abidin' citizen who cares about the world around us…

Don't get me wrong, having Standards is a great idea. Being able to clearly communicate how something works is essential to daily life. If we, for instance, did not have the HTTP RFC Standards, you probably wouldn't be able to read this blog entry because every single web server would deploy their own idea of what a website is and there would be no single web browser to handle every single web server. (Or if there was, it would be a couple hundred gigabytes).

No. What irks me is the fact that very few Standards authors actually sit down and write binary data examples. That is, "Here is some sample data" and "here is how to read the sample data" and "here is some basic source code that reads and processes the data". While Standards should be about specification, of which they do a great job already, they should also be able to present an implementation or at least an example that could actually happen.

Edit (July 12, 2010): Ruh-roh! This blog post was declared Dead on Arrival. Read the story on how my "secure" WPA-PSK wireless network got hacked before setting up your wireless network. My personal recommendation is to NOT use a wireless access point unless you do some real hard thinking and research.

Occasionally I will receive a request for help on wireless networking. Usually the person was scared by someone when they were told, "Wireless networking is insecure. Your personal computer data is at risk." The first question they ask me is, "Is my setup secure?" Well, I'm not a mind reader and usually not in front of the computer, but usually those same users are surprised even to know that they can log into the router.

Okay, so the first thing I have to do is explain what a router is. In layman's terms: A router is something that takes data from computers on a LAN and sends it out on to the big bad Internet. When a response comes back, it is re…

It is interesting to note that many people don't really know how to clean things. This is especially true when it comes to electronic components. In particular, cleaning monitors on computer systems is a widely varied practice and no one seems to have a definitive answer on what the best method is. We pay a lot of money for our LCD flat-panel displays and then spray harsh chemicals on them that cause the display to go murky...where is the logic in that?

Some people might say that the safest chemical is water. However, is fluoride, found in most city water, really good for the plastic film on an LCD display? Probably not. How about all those minerals and "floaties"? Also, probably not good. Fluoride is for strengthening tooth enamel and the minerals probably contain corrosives. And water doesn't mix well with electricity and the delicate circuitry in the monitor.

Other people mention really harsh chemicals and household items as the solution to cleaning LCD dis…

...are the ugliest things I've ever seen. The people PayPal has employed are clearly not graphics artists. And also don't have the web developer in mind.

About a couple weeks ago every business customer received a "teaser" e-mail from PayPal saying to get ready for new logos and buttons for use on websites. Mentally, I thought, "Sweet! Maybe they won't stink like the current ones." Today, PayPal sent every business customer an e-mail saying the logos and buttons were ready for use on websites and sent us all to their website via a link.

I clicked the link and, lo and behold, awful-looking images stared me in the face that are worse than the old ones (but that isn't saying much). The image above is the worst of the lot, but they are all pretty bad. Let me name off my reasons:

In general, I'm a pretty big fan of the Google Toolbar for IE. I use IE6 SP2 for pretty much all of my web surfing needs. I have Opera and Firefox installed too with plugins/extensions for the latter, but I just like IE better (although some sites are starting to be IE6-unfriendly). But this isn't about starting a "which browser is better" debate/flamewar. Instead, it is about a little bug I found today while minding my own business. Actually, I found three bugs, but only one of them is a critical issue that should never have left Google's QA department.

So I was minding my own business and responding to e-mails and other such things. For many of the groups I'm on, I tend to do web searches just so I can paste a link or whatever into the e-mail. I run into an e-mail that I had indirectly answered on another mailing list several weeks ago and didn't bother pasting links so I could search the archives. But I left myself enough clues that I cou…

Oh this is just great. I just got labeled as a spam blog. Here is the warning that I received when I logged into my blog today:

--------
WARNING

This blog has been locked by Blogger's spam-prevention robots. You will not be able to publish your posts, but you will be able to save them as drafts. Save your post as a draft or click here for more about what's going on and how to get your blog unlocked.
--------

Here is what Blogger says about why this happens:

--------
What We're Doing About Spam

Needless to say, we do not approve of spamming here at Blogger. Below are some of the things we've implemented to remove and reduce spam on our service. We will update this list as we continue our efforts. Automated spam classifying algorithms keep spam blogs out of NextBlog and out of our "Recently Published" list on the dashboard. The same classifiers are used to require an extra word verification field on the posting form for potential spam blogs. This makes it harder for …

This will help us get the software ready for consumer release. For helping out, you will receive a free edition and 5 years of updates.

1: Download the software
2: Try it
3: Tell us what you think

Here is your chance. Follow the link to our secure download center:
http://68.202.*.*/setup.exe
---------------------
(IP address removed for obvious reasons)

A new type of spam has appeared. Instead of saying "Hey idiot, download this perfectly obvious EXE that is going to install a virus" they are covering it up with "You can be a beta tester for our new Office Tools product....the download for beta testers is here: [link]". Social engineering at its finest.

The average user who has heard of beta testing will probably be enticed into downloading the file and running it. Who doesn't want to be a beta tester for a product that won't cost them…

The WGA (Windows Genuine Advantage - a.k.a. "Disadvantage") servers went completely down. Now I'm not a huge believer in coincidences but if Microsoft has ever had its pants down, this is perhaps a double helping (free wedgie!). Let's see here:

1) Push a secret worldwide update to Automatic Updates out to every computer on the planet.
2) My computer receives the update and VerifyMyPC flags it.
3) WGA servers receive the update completely unaware of what is happening.
4) WGA servers barf (perhaps something in the update they didn't like). All of the WGA servers go down.
5) User PCs attempting to connect to WGA servers can't and therefore are flagged as pirating Windows.
6) Microsoft catches wind of the problem and employees responsible for WGA head in…

Did I ever mention that I love VerifyMyPC? Oh wait. Never mind. I did that already.

It has been a while since I have posted but this one is too good to pass up. Every night around 10:30 p.m., my computer is set up to run a VerifyMyPC scan. About 11 p.m. the Scan Notifier runs and does the whole balloon pop-up thing. Normally nothing pops up because there is nothing to report (i.e. another day at the office - figuratively speaking). When there is something to report, usually a little yellow triangle icon shows up and I say, "Yup, I remember doing that today." Or, "Those changes to my system sound about right." Tonight, the special analysis mode of the Scan Notifier picked up on unusual behavior and popped up the Red-X icon.

If Microsoft ever wanted to get caught with their pants down, they succeeded. For most people, the above doesn't make a whole lot of sense past the "you might have a virus" part. VerifyMyPC requires a little extra knowledge abo…

So this year I won't make it (again) to SIC. The 2007 Shareware Industry Conference is probably going to be lively this year given that this is also the 20th Anniversary of the ASP (Association of Shareware Professionals):

This year the ASP has a hospitality suite: Expensive, spacious, and only a few available each year. In other words, they went all out. Crazy people, those ASP members. Part of the events that will take place in the suite is a drawing in which they give away registered versions of shareware products. So while I won't actually be at the conference, my products will be. Let's see, I sent 5 CDs to the person in charge:

Microsoft is out to make money. As are most businesses. Money is required for the basic essentials of life and I personally believe Open Source cuts into that. Until food, clean water, shelter, and clothing are free for everyone, Open Source is a great idea in principle but a bad idea in practice. The only thing you can do to make money off of Open Source is to turn it into SaaS...but how long can that model _really_ hold up? Making Linux and Linux-based products easier and easier to install (e.g. Ubuntu, OpenOffice) makes it more available to the masses and IT folk to do it themselves but if a person can't eat, drink, sleep, and they can't afford clothes (naked?)...is it worth it?

I don't have the answer to the question. Most programmers don't think about what effect their software will have on other people. Will developing for Open Source eventually cause all software developers everywhere to eventually lose t…

So this guy wrote a pretty popular add-in for Visual Studio .NET called TestDriven.NET. I've actually heard about this add-in prior to the whole mess he has currently got himself into so it is definitely popular.

Summary of how it has gone down thus far:

1) Developer creates add-in for VS.NET via COM because a VSIP license is expensive. Nothing in the EULA explicitly prohibits it.
2) People like the add-in and it becomes popular.
3) Microsoft gives him MVP status and then discovers the add-in works for VS.NET Express and asks author to remove support for Express.
4) Author refuses.
5) MVP status is revoked.
6) Author adds support for VS.NET "Orcas" Express.
7) Microsoft legal makes its move.

Frankly, VS is Microsoft's intellectual property, not the developer's. However, there are two parties at fault here:

To summarize the Wikipedia article, WER gathers error reports in a central location (Microsoft servers) and developers of software then can log into the system and retrieve those error reports and thus fix bugs. End-users of Windows see something like this when the application crashes:

The user clicks the "Send Error Report" and the bugs get fixed.

The official website of Windows Error Reporting (WER): https://winqual.microsoft.com/

All that sounds good in writing until developers start reading the "fine print" on what is required. By default, applications are not WER enabled. That means the…

Out of the blue I received today in my in-box (just now checking my e-mail - yes I'm still running on empty in terms of sleep) a job offer from Google. Well, not an offer per se, but somehow, somewhere I made a significant impression.

The amazing thing is that I haven't sent my resume anywhere. In fact, it is sorely out of date - been busy with the whole CubicleSoft thing. A Google Internet recruiter came to me. Could have been the article I just put up on CodeProject, but who knows? (Maybe I'm more important than I think I am...don't let that go to my head now :P ).

I'm not going to do anything about it today. I'm too tired. And likely to royally mess up something I'd be smacking my head against a brick wall over for the next 10 years. Best to get some sleep first before doing or saying anything I'll regret. Amazingly enough, I'm still pretty lucid.

I'm operating on zero sleep in the last 24 hours as I write this. So I'm going to keep this short. I just finished publishing a new article on CodeProject.com on Vista UAC. I call it the definitive guide because it combines every last bit of knowledge I've got on Vista UAC elevation, provides a really cool package called Elevate, and, well, it is everything a software developer needs to know about UAC and its quirks and workarounds...without having to spend weeks on hunting down the information:

For those who read this blog and aren't technically inclined or simply don't use Microsoft Visual Studio (e.g. you use a different compiler suite), this entry isn't for you.

One of the most annoying things to run into in Visual C++ are linker errors. They are obtuse, poorly documented, and double-clicking them doesn't take you to the source code (or the part of the object file) where the problem is occurring. One of the most confounding error messages is the LNK2005 error message. Usually something like this shows up:

A lot of people run into LNK2005 errors, find the above article, try out what it says, and discover the "solution" makes the problem worse, not better. That is the only KB article I've ever seen that provides an incorrect solution for a probl…

When it comes to Photoshop, I'm an expert. Photoshop is designed, for the most part, for print design. It isn't exactly what I'd call web-friendly. Over the past few iterations Adobe has done things that help us web, icon, and what I call "scratch graphics" designers do stuff more easily. However, I'm working in Photoshop right now and just realized that I started calc.exe for the zillionth time. Looking back over the years, I've realized that every time I start Photoshop, I have inevitably started calc.exe or pulled out my graphing calculator (now dead - a huge nuisance - should probably replace it but my experience was that it regularly chewed through batteries). So, what I'd love to see in Photoshop is to allow every field that takes a number to also take a mathematical formula and evaluate it. A real example of how I want it to work follows. Take the "Canvas Size" dialog:

For this case, I want to increase the width of the canvas to 886*2-1 pixel…